Talkdesk Develops ‘CX Fraud Defense Playbook for Banking’

By Roy Urrico

As the threat landscape evolves, credit unions and other financial institutions (FIs) need smarter, adaptive defenses that shield members and maintain trust without increasing friction. A whitepaper, Dynamic and Multilayered: The CX Fraud Defense Playbook for Banking, from Palo Alto, Calif.-based Talkdesk, a provider of artificial intelligence (AI)-powered customer experience (CX) technology, details how to protect members and systems as part of a seamless, trusted experience.

“Banking fraud is no longer confined to stolen cards or compromised passwords but is transforming, quickly, into a sophisticated impersonation. Fraudsters don’t need to breach databases; they just need to sound convincing,” advises the Playbook. “With AI making impersonation easier than ever, single-factor authentication, like passwords or PINs, or static defenses are obsolete. As fraud gets smarter, more agile, and more personal security strategies must evolve in parallel.”

Rahul Kumar, vice president and general manager of financial services and insurance at Talkdesk, sat down with Finopotamus to discuss the Playbook, and steps FIs should take to:

• Fortify the front door with stronger, context-aware security.

• Build a culture and mindset around proactive fraud prevention.

• Strengthen incident response and resilience to maintain continuity and confidence.

“Most credit unions at this time are having fraudsters eat their lunch. There's a lot of synthetic fraud being pushed in different mechanisms into some of these organizations. And obviously a $500 million credit union does not have the same semblance of security and is not able to invest in the same level of technology as somebody like a JPMorganChase or Bank of America,” Kumar said. “That's the truth. But I think it is becoming increasing increasingly apparent that they need to start fortifying their front doors. And when I say the front door there are certain channels that are driving incremental fraud into these organizations.”

Multilyered Fraud Prevention Strategy

“When I look at the member journey, it can meander from a chat interaction into a phone conversation. The whole idea is that the authentication is agnostic of the channel. It's constantly looking at the transcription of what's going on, and then either giving you insights or helping you take actions,” said Kumar.

But the Playbook maintains no fraud prevention method is perfect. Deepfakes, AI-generated voices that sound like the real person, can, for example, even trick voice ID. “Savvy criminals have proven they can clone a person’s voice to trick automated systems. No single authentication factor is infallible, not passwords, not one-time codes, not voice alone.”

The safest strategy is to use multiple layers of security, not just one, recommends Talkdesk in the Playbook. What is the first line of defense in stopping fraud? Making sure the right people get in while keeping impostors out. “That starts at the front door with multifactor authentication (MFA) across all channels. It asks customers to confirm their identity using a combination of factors, like a PIN, a code sent to their phone, or a biometric identifier, such as a fingerprint or voice, which highly reduces fraudulent access.”

Fortifying Security

Credit unions, suggested Kumar, need to take a hard look at the security of their data processing platforms, contact center, payment mechanisms and other interactive systems. “With the whole rise of e-commerce, everybody is using information to make purchases digitally, and that is leading to a lot of information leakage across the board,” Kumar said. “If credit unions are going to hold their mission — ‘we are people first, we are member first,’ — they need to be in a position to say, ‘Hey, your information is secure with us. Your financial wellbeing is secure with us.’”

Talkdesk is positioning itself at the “front door,” which for many members is now the contact center, Kumar noted. “For a lot of credit unions that had that brick-and-mortar operating model, volume has shifted into the contact center.”

Kumar further suggested that security begins when determining the intent behind the initial conversation. High-risk transactions or interactions — like a large money transfer — require additional verification steps. If it is something low-risk — like checking a balance — keep it simple. Modern contact center platforms (including cloud solutions) can adjust security on the fly, based on what the customer is doing and how risky it is.

That is where AI should come into play, emphasized Kumar. “Is the AI intelligent enough to now understand what level of authentication you actually offer against a particular conversation and pivot between one or a combination of others to be able to do that. If you're asking me for an account balance, I'll use your voice to authenticate you and give you a balance,” he continued. “But if you're asking to move $10,000 away from the bank or the credit union, I am augmenting that with an OTP (one-time password) to cover the risk exposure there.”

Talkdesk supports this smart security approach that lets legitimate clients in quickly and quietly, while throwing up roadblocks for suspicious behavior. “In short, flexible authentication keeps your contact center secure without making life harder for your clients.”

Evolving Tactics and Incident Response

The Playbook explained fraudsters’ tactics continually evolve, and new vulnerabilities emerge faster than any static security checklist can anticipate. That’s why leading FIs improve defenses with continuous monitoring and AI-driven fraud detection inside the contact center.

Kumar acknowledged deepfakes exist and they are getting better. “Fraudsters probably are the smartest guys in the room. Their whole mission is to break (the guardrails). That is why it is even more important to not hang your hat on just one way of authenticating somebody,” he added. “If you make your authentication workflow single threaded, that's where you're exposing yourselves much more. You always need to look at a multifactor way of ensuring that you're able to protect your exposure and your member's exposure.”

The Playbook also described how banks and credit unions have long prioritized prevention, but “as threats continue to grow, it’s prudent to assume that a determined attacker will eventually find a way in, or that an incident like a data breach or system outage will occur despite all precautions.”

So how do organizations get smarter about prevention and response? According to Kumar, by leveraging and applying every interaction based on its inherent risk for it. “Each organization must assess whether they have flexible mechanisms to not only identify risks but also possess authentication mechanisms to support or offset the organization’s risk exposure,” he emphasized.

“It can be through technologies like voice biometrics, for example, as an authentication mechanism. It could be through one-time passwords,” he continued. “It could be access to knowledge-based questions. It could be through data pulled in real time to the core systems. But then flexible enough (and) not tied to one particular way of authentication.”

Kumar also commented on a recent Identity Theft Resource Center (ITRC) report, which cited that criminals have prioritized attacking static identifiers, such as banking accounts, that facilitate long-term identity fraud over easily replaceable data, such as credit cards.

“Credit unions and community banks need to rethink scenarios where they mandate their customers to expose their full account numbers. There are also AI capabilities that can help you redact some of this information in real time,” said Kumar. “So, if there is mention of a full member account number, Talkdesk can redact the full PII (personal Identifiable Information) from the transcript of the call recording.”